Thanks Lenni for your feedback! Added some data points (links) to the doc. For the external dependencies, here is the list I got using "mvn clean dependency:list -DexcludeTransitive=true" and doing some cleaning up for duplicates:
ant-contrib cglib com.google.guava com.jolbox commons-cli commons-lang commons-logging io.dropwizard.metrics javax.jdo joda-time junit log4j org.apache.commons org.apache.curator org.apache.derby org.apache.hadoop org.apache.hive.hcatalog org.apache.hive org.apache.pig org.apache.sentry org.apache.shiro org.apache.solr org.apache.sqoop org.apache.thrift org.apache.zookeeper org.datanucleus org.easymock org.easytesting org.eclipse.jetty org.hamcrest org.mockito org.objenesis org.slf4j I do not see anything except for junit in our proposal document. I think we should document these dependencies and their licenses some where? Thanks! On Wed, Jan 20, 2016 at 4:41 PM, Lenni Kuff <[email protected]> wrote: > Hi Sravya, > Thanks for putting together this document, it's very useful. With respect > to your comments: > > 1) Dependencies - Not sure if there is a better way, but you can run > something like: > *>* *mvn clean dependency:list -DexcludeTransitive=true* > to get a listing of all the current dependencies specified in the > project. > > > 2) Only comments in the doc are to point out links to backup your point > where relevant. > > Thanks, > Lenni > > On Wed, Jan 20, 2016 at 2:53 PM, Sravya Tirukkovalur <[email protected]> > wrote: > > > Hello all, > > > > Bumping up this thread after the holiday season. Please take a look and > > provide feedback. > > > > Also I updated the doc to capture the vote for Committer == PPMC. > > > > I still have one outstanding question: > > - How do projects usually keep track of list of external dependencies for > > license checking? Is it just reading through the maven pom file? Or is > > there a standard way? > > > > I think I figured the answer for this question - What is the source of > > truth for ICLAs? How do we double check all new committers have ICLAs > > filed? > > - Members with ICLAs filed and in Sentry group should appear here: > > http://people.apache.org/committers-by-project.html#sentry > > > > On Fri, Nov 27, 2015 at 10:25 PM, Sravya Tirukkovalur < > [email protected] > > > > > wrote: > > > > > Hi folks, > > > > > > Here is the initial draft of Sentry maturity assessment: > > > > > > https://cwiki.apache.org/confluence/display/SENTRY/Sentry+maturity+assessment > > > > > > Mentors & community members: Your feedback is valuable here. Looking > > > forward to constructive criticism if any, which can help the Sentry > > > community and its graduation. > > > > > > Also, I had a couple quick questions while drafting this. > > > 1. How do projects usually keep track of list of external dependencies? > > Is > > > it just reading through the maven pom file? Or is there a standard way? > > > 2. What is the source of truth for ICLAs? How do we double check all > new > > > committers have ICLAs filed apart from reading through the private mail > > > archives? > > > > > > Regards, > > > -- > > > Sravya Tirukkovalur > > > > > > > > > > > -- > > Sravya Tirukkovalur > > > -- Sravya Tirukkovalur
